Description

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.

Related CPE's

a

xmlsoft

libxml2

Vulnerable

a

netapp

active_iq_unified_manager

-

*

*

*

*

vmware_vsphere

Vulnerable

a

netapp

clustered_data_ontap

-

Vulnerable

a

netapp

clustered_data_ontap_antivirus_connector

-

Vulnerable

a

netapp

manageability_software_development_kit

-

Vulnerable

a

netapp

smi-s_provider

-

Vulnerable

a

netapp

snapmanager

-

*

*

*

*

hyper-v

Vulnerable

o

netapp

h300s_firmware

-

Vulnerable

h

netapp

h300s

-

o

netapp

h500s_firmware

-

Vulnerable

h

netapp

h500s

-

o

netapp

h700s_firmware

-

Vulnerable

h

netapp

h700s

-

o

netapp

h410s_firmware

-

Vulnerable

h

netapp

h410s

-

o

netapp

h410c_firmware

-

Vulnerable

h

netapp

h410c

-

o

apple

ipados

Vulnerable

o

apple

iphone_os

Vulnerable

o

apple

macos

2

o

apple

tvos

Vulnerable

o

apple

watchos

Vulnerable

References

http://seclists.org/fulldisclosure/2022/Dec/21

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2022/Dec/24

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2022/Dec/25

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2022/Dec/26

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2022/Dec/27

https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b

PatchThird Party Advisory

https://gitlab.gnome.org/GNOME/libxml2/-/tags

Release NotesThird Party Advisory

https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3

PatchRelease NotesThird Party Advisory

https://security.netapp.com/advisory/ntap-20221209-0003/

Third Party Advisory

https://support.apple.com/kb/HT213531

Third Party Advisory

https://support.apple.com/kb/HT213533

Third Party Advisory

https://support.apple.com/kb/HT213534

Third Party Advisory

https://support.apple.com/kb/HT213535

Third Party Advisory

https://support.apple.com/kb/HT213536

Third Party Advisory

http://seclists.org/fulldisclosure/2022/Dec/21

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2022/Dec/24

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2022/Dec/25

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2022/Dec/26

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2022/Dec/27

https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b

PatchThird Party Advisory

https://gitlab.gnome.org/GNOME/libxml2/-/tags

Release NotesThird Party Advisory

https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3

PatchRelease NotesThird Party Advisory

https://security.netapp.com/advisory/ntap-20221209-0003/

Third Party Advisory

https://support.apple.com/kb/HT213531

Third Party Advisory

https://support.apple.com/kb/HT213533

Third Party Advisory

https://support.apple.com/kb/HT213534

Third Party Advisory

https://support.apple.com/kb/HT213535

Third Party Advisory

https://support.apple.com/kb/HT213536

Third Party Advisory

Weaknesses

[email protected]

Primary
CWE-415

134c704f-9b21-4f2e-91b3-4a467353bcc0

Secondary
CWE-415

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.8 · High

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2022-11-23T17:15:12.167Z

3 years ago

Last modified

2025-04-28T18:15:19.607Z

11 months ago